Mitigating the Risk of Data Exfiltration in a Regulated Industry

  • 19 February 2020

McMillan Williams Solicitors (MW) is a British consumer high street law firm. It is a top 10 conveyancing law firm, operating across the south of England with a mission to provide accessible, affordable, inclusive, innovative and personal legal services.

MW Solicitors is protecting 450 employees with Tessian Guardian, Tessian Enforcer and Tessian Constructor.

“A lot of our investment in recent years has been in security systems. Our investment into Tessian was part of the next step to ensure that our systems and client data remain secure.”
David Fazakerley Chief Information Officer

Making security a priority

MW Solicitors provides legal advice to clients across the UK. Chief Information Officer David Fazakerley is responsible for ensuring that the firm’s IT infrastructure is efficient and fit for purpose. With over 1,000 new clients every month, protecting client data is a top priority. 

Due to the high volume of clients, MW Solicitors’ attorneys must be efficient when tending to client needs. David notes that because of the pace of work, “mistakes can easily happen on email, especially due to features like autocomplete, which can lead to an email being accidentally sent to the wrong person.” David identified misdirected and unauthorized emails as two key problems that could compromise the firm’s data security. 

What’s more, from a compliance point of view, data loss and exfiltration can cause significant issues for law firms, resulting in many hours spent on incident management and potentially having to file a report to the ICO. Seeking a solution that would ensure that their sensitive data remains secured, MW Solicitors turned to Tessian.

“We’ve noticed a huge difference in time and efficiency, because now we are able to pick things up almost immediately. The Tessian dashboard’s ability to highlight anomalies allows us to deal with any issues straight away.”
Charlotte Mays Compliance and Data Protection Manager

Efficiently mitigating the risk of data loss

Tessian’s ability to easily integrate into MW Solicitors’ layered security system without having an impact on the infrastructure was a key benefit for the firm’s Risk and Compliance team. Tessian produced positive results shortly after deployment. 

MW Solicitors deployed Tessian Guardian to prevent accidental data loss due to misdirected emails. One of the most common mistakes that can lead to a misdirected email is an employee inputting the wrong client email into a case management system. “This can be as simple as putting in hotmail.com instead of hotmail.co.uk,” notes Charlotte Mays, Compliance and Data Protection Manager. This is a problem because case management systems are unable to recognize such mistakes. Tessian Guardian can prevent emails from being sent to an incorrect address saved in the case management system. It does this by analyzing the firm’s historical email data in order to understand sending patterns and relationships between contacts. By learning what the “normal” or correct email address is from previous communications, Tessian Guardian can automatically identify the abnormal email address and notify the user that the incorrect recipient has been included in the email. 

MW Solicitors also deployed Tessian Enforcer to prevent data exfiltration by email to personal or non-business domains. Tessian Enforcer understands the difference between authorized and unauthorized accounts by looking at emails that each employee has sent and received in the past in order to identify non-business contacts. If an employee sends an email to an unauthorized account, Charlotte and her team are now able to easily detect this. This has been “a huge improvement, as before it might have been difficult to even identify the employee in the first place,” notes Charlotte. MW Solicitors’ Risk and Compliance team are now able to review the Tessian dashboard to see in real time if data has been sent to unsafe destinations. 

Building a culture of transparency

David aims to build a culture of transparency when it comes to data security. If all employees have an understanding of the security solutions in place, David believes that this will improve employee awareness and accountability.

As MW Solicitors continues to grow, highlighting the importance of data security will be vital. 

Human error is a constant, but if employees are armed with the right tools to prevent mistakes from occurring in the first place, then damage can be minimized or avoided altogether. 

Learn more about how Tessian prevents human error on email

Tessian is building the world’s first Human Layer Security platform to automatically secure all human-digital interactions within the enterprise. Today, our filters use stateful machine learning to protect people using email and to prevent threats like spear phishing, accidental data loss, data exfiltration and other non-compliant email activity. To book a demo and learn more about how we can help your organization, click here.